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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 03 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 03 December 2003 . 
2a)Q This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 1-27 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) El Claim(s) 1-27 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ED Notice of References Cited (PTO-892) 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) ^ Information Disclosure Statement(s) (PTO/SB/08) 

Paper No(s)/Mail Date 06/17/2003 . 



4) C] Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) C] Notice of Informal Patent Application 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20070609 



Application/Control Number: 10/727,322 
Art Unit: 2136 



Page 2 



DETAILED ACTION 



1. 



This office action is in response to the communication filed on 12/03/2003. 



2. 



Claims 1-27 are currently presented for the examination. 



3. 



Claims 1-27 have been rejected. 



Claim Rejections - 35 USC § 101 



35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any 
new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

4. Claims 10-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. 

Regarding claims 10-18, the specification and the claim languages fail to disclose "the 
computer program product" as a tangible or non-software product. Therefore, a computer program 
product comprising only "code" is considered to be a program per se product, and non-statutory 
(MPEP 2106.01 [R-5]). 

The examiner further notes, claimed computer program product can " have " (or associate 
itself with an outside or external medium such as a plug-in object) tangible medium embodying 
computer executable code (not clear whether same executable code referred as "code" later) , and 
still can be non-statutory since claimed program product actually comprised of only codes. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the 
rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 



Claim Rejections - 35 USC § 102 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the 
United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another 
filed in the United States before the invention by the applicant for patent, except that an international application filed under the 
treaty defined in section 351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) of such treaty in the 
English language. 

5. Claims 1-27 are rejected under 35 USC 102 (e) as being anticipated by Wood et al (US 
6668322 Bl). 

Regarding claim 1 and 19, Wood et al discloses a method/ system for managing multiple 
user identities for a user of an electronic commerce (e-commerce) site, the method comprising: 

defining the e-commerce site as one or more security domains (Col 13, lines 1-20; Col 15, 
starting at line 9; security architecture; controlling access to several/ multi level domains); and 

in response to a user's request to invoke an operation of the e-commerce site: determining a 
one of the one or more security domains to which the operation relates (Fig 4.410: domainld; Col 13, 
lines 1-20; Col 15, starting at line 9; accessing resources in several/ multi level domains) ; 

performing one of a) creating a session (Col 11, starting at line 11; Col 16, starting at line 
50; session creation) and b) reusing a session for the user automatically in accordance with the 
determined security domain, said session associated with a user identity and a role indicating 
privileges for invoking operations of the e-commerce site in at least the determined security domain; 
and persisting said session for reuse (Col 8, starting at line 9; Col 13, starting at line 5; Col 15, 
starting at line 8; Col 16, starting at line 35; Claim 1,12; session credentials/ tokens for persistent/ 
subsequent sessions). 



Regarding claim 10, Wood et al discloses a computer program product having a computer 
readable medium tangibly embodying computer executable code for managing multiple user 
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identities for a user of an electronic commerce (e-commerce) site defined using one or more security 
domains, the computer program product comprising code for (Col 4, line 35-45; Claim 28; computer 
program products): 

in response to a user's request to invoke an operation of the e-commerce site (Fig 2; 
operations after step 201 : access requests; Col 6, line 44-56; Col 15, starting at line 8; handling 
access requests; resource identification): 

determining a one of the one or more security domains to which the operation relates (Fig 
4.410: domainld; Col 13, lines 1-20; Col 15, starting at line 9; accessing resources in several/ multi 
level domains); 

performing one of a) creating a session (Col 11, starting at line 11; Col 16, starting at line 
50; session creation )and b) reusing a session for the user automatically in accordance with the 
determined security domain, said session associated with a user identity and a role indicating 
privileges for invoking operations of the e-commerce site in at least the determined security domain; 
and persisting said session for reuse (Col 8, starting at line 9; Col 13, starting at line 5; Col 15, 
starting at line 8; Col 16, starting at line 35; Claim 1,12; session credentials/ tokens for persistent/ 
subsequent sessions). 

Regarding claim 2, Wood et al discloses the method comprising invoking said requested 
operation with said user identity and role of said session (Col 10, starting at line 63; Col 16, starting 
at line 35, session objects; access requests). 

Regarding claim J, Wood et al discloses the method wherein the session comprises 
information indicating at least one of: the user preference's for invoking operations at the e- 



r 
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commerce site; the user's preferences for invoking operations at least the determined security 
domain (Col 12, starts at line 66; Col 15, starting at line 9; resource identification: session tokens for 
several domains); and a security signature for authenticating the session information (Col 14, starting 
at line 60; assigning signed/ cryptbgraphically secured session credentials for different sessions/ 
domains). 

Regarding claim 4> Wood et al discloses the method comprising evaluating the requested 
operation to determine an operation type and wherein said step of performing is performed in 
accordance with the operation type (Col 15, starting at line 9; accessing requested resources). 

Regarding claim 5, Wood et al discloses the method comprising receiving the user's request 
in association with one or more sessions persisted for the user and selecting a one of the sessions in 
accordance with said determined security domain; and wherein said performing is performed in 
response to said selecting (Col 10, starting at line 30; Col 12, starts at line 66; session tokens for 
several domains; Col 16, starting at line 35; session credentials/ tokens for persistent/ subsequent 
sessions). 

Regarding claim 6, Wood et al discloses the method wherein said user identity is associated 
with an identity type for permitting the invocation of operations; wherein said method comprises 
receiving the user's request in association with one or more sessions persisted for the user and 
retrieving a user identity for the determined security domain from said one or more sessions; and 
wherein said performing is performed in response to the identity type of the retrieved user identity 
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(Col 3, starting at line 1; Col 10, starting at line 48; Claim 1,12; session credential including user 
identifying information; session continuity; access requests). 

Regarding claim 7, Wood et al discloses the method wherein said step of persisting 
comprises providing one or more cookies defining the session to the user for associating with a 
subsequent request (Col 8, starting at line 9; Col 13, starting at line 5; Col 15, starting at line 8; Col 
16, starting at line 35; session credentials/ cookies/ tokens for persistent/ subsequent sessions). 

Regarding claim 8, Wood et al discloses the method wherein the cookies comprise an 
authentication cookie and a session cookie; and wherein the method comprises authenticating the 
user's request (Fig 4.410, 420; encrypted login and session credentials/ cookie; Col 9 lines 6-15; Col 
14, starting at line 21; claim 23, 24; multiple secured credentials ). 

Regarding claim 9, Wood et al discloses the method comprising: defining each of the one or 
more security domains as a hierarchy of organizations and assets owned by the organizations; and 
wherein said determining a one of the one or more security domains to which the operation relates 
comprises evaluating the user's request in accordance with the hierarchy (Col 15, starting at line 8; 
domain level credentials). 

Regarding claim 20, Wood et al discloses the system wherein the identity manager 
component is adapted to invoke said requested operation with said user identity and role of the 
session (Fig 1: Gatekeeper; Fig 3A:321, central security architechture). 
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Regarding claims 11-18, they recite the limitations of claims 1-10, therefore, they are 
rejected applying as above rejecting claims 1-10. 

Regarding claims 21-27, they recite the limitations of claims 1-10 and 20, therefore, they 
are rejected applying as above rejecting claims 1-10 and 20. 



6. A shortened statutory period for response to this action is set to expire in 3 (Three) months 
and 0 (Zero) days from the mailing date of this letter. Failure to respond within the period for 
response will result in ABANDOMENT of the application (see 35 U.S.C 133, M.P.E.P 710.02(b)). 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Shanto M Abedin whose telephone number is 571-272-3551. The examiner 
can normally be reached on M-F from 9:00 AM to 5:30 PM. If attempts to reach the examiner by 
telephone are unsuccessful, the examiner's supervisor, Moazzami Nasser, can be reached on 571 - 
272-4195. The fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
Shanto M Abedin 



Conclusion 



Examiner, AU2136 



NASSER MOAZZAMI 
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